Microsoft



[MS-WSPOL]: Web Services: Policy Assertions and WSDL Extensions

Intellectual Property Rights Notice for Open Specifications Documentation

▪ Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies.

▪ Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications.

▪ No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.

▪ Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft Open Specification Promise or the Community Promise. If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@.

▪ Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. For a list of Microsoft trademarks, visit trademarks.

▪ Fictitious Names. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted in this documentation are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.

Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.

Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assume that the reader either is familiar with the aforementioned material or has immediate access to it.

Revision Summary

|Date |Revision History |Revision Class |Comments |
|09/25/2009 |0.1 |Major |First Release. |
|11/06/2009 |0.1.1 |Editorial |Revised and edited the technical content. |
|12/18/2009 |0.1.2 |Editorial |Revised and edited the technical content. |
|01/29/2010 |1.0 |Major |Updated and revised the technical content. |
|03/12/2010 |2.0 |Major |Updated and revised the technical content. |
|04/23/2010 |2.0.1 |Editorial |Revised and edited the technical content. |
|06/04/2010 |2.0.2 |Editorial |Revised and edited the technical content. |
|07/16/2010 |3.0 |Major |Significantly changed the technical content. |
|08/27/2010 |3.0 |No change |No changes to the meaning, language, or formatting of the technical content. |
|10/08/2010 |3.0 |No change |No changes to the meaning, language, or formatting of the technical content. |
|11/19/2010 |3.0 |No change |No changes to the meaning, language, or formatting of the technical content. |
|01/07/2011 |3.0 |No change |No changes to the meaning, language, or formatting of the technical content. |
|02/11/2011 |3.0 |No change |No changes to the meaning, language, or formatting of the technical content. |
|03/25/2011 |3.0 |No change |No changes to the meaning, language, or formatting of the technical content. |
|05/06/2011 |3.0 |No change |No changes to the meaning, language, or formatting of the technical content. |
|06/17/2011 |3.1 |Minor |Clarified the meaning of the technical content. |
|09/23/2011 |3.2 |Minor |Clarified the meaning of the technical content. |
|12/16/2011 |4.0 |Major |Significantly changed the technical content. |
|03/30/2012 |4.0 |No change |No changes to the meaning, language, or formatting of the technical content. |
|07/12/2012 |5.0 |Major |Significantly changed the technical content. |
|10/25/2012 |5.0 |No change |No changes to the meaning, language, or formatting of the technical content. |
|01/31/2013 |5.0 |No change |No changes to the meaning, language, or formatting of the technical content. |
|08/08/2013 |5.0 |No change |No changes to the meaning, language, or formatting of the technical content. |
|11/14/2013 |5.0 |No change |No changes to the meaning, language, or formatting of the technical content. |
|02/13/2014 |5.0 |No change |No changes to the meaning, language, or formatting of the technical content. |
|05/15/2014 |5.0 |No change |No changes to the meaning, language, or formatting of the technical content. |

Contents

1 Introduction
1.1 Glossary
1.2 References
1.2.1 Normative References
1.2.2 Informative References
1.3 Overview
1.4 Relationship to Other Protocols
1.5 Prerequisites/Preconditions
1.6 Applicability Statement
1.7 Versioning and Capability Negotiation
1.8 Vendor-Extensible Fields
1.9 Standards Assignments
2 Messages
2.1 Transport
2.2 Common Message Syntax
2.2.1 Namespaces
2.2.2 Messages
2.2.3 Elements
2.2.3.1 Basic HTTP Authentication Policy Assertion
2.2.3.2 Digest HTTP Authentication Policy Assertion
2.2.3.3 NTLM HTTP Authentication Policy Assertion
2.2.3.4 Negotiate HTTP Authentication Policy Assertion
2.2.3.5 Streamed Message Framing Policy Assertion
2.2.3.6 Binary Encoding Policy Assertion
2.2.3.7 Message Framing Transport Security Policy Assertion
2.2.3.8 Message Framing Security Provider Negotiation Policy Assertion
2.2.3.9 One-way Policy Assertion
2.2.3.10 Composite Duplex Policy Assertion
2.2.3.11 UDP Retransmission-Enabled Policy Assertion
2.2.3.12 WebSocket Streamed Policy Assertion
2.2.3.13 WebSocket Streamed Request Policy Assertion
2.2.3.14 WebSocket Streamed Response Policy Assertion
2.2.3.15 SOAP-over-UDP SOAP Binding Transport URI
2.2.4 Complex Types
2.2.5 Simple Types
2.2.6 Attributes
2.2.6.1 Using Session WSDL Extension
2.2.6.2 Is Initiating WSDL Extension
2.2.6.3 Is Terminating WSDL Extension
2.2.7 Groups
2.2.8 Attribute Groups
3 Protocol Details
3.1 Server Details
3.2 Client Details
4 Protocol Examples
5 Security
5.1 Security Considerations for Implementers
5.2 Index of Security Parameters
6 Appendix A: Full WSDL
6.1 Basic HTTP Authentication Policy Assertion
6.2 Digest HTTP Authentication Policy Assertion
6.3 NTLM HTTP Authentication Policy Assertion
6.4 Negotiate HTTP Authentication Policy Assertion
6.5 Streamed Message Framing Policy Assertion
6.6 Binary Encoding Policy Assertion
6.7 Message Framing Transport Security Policy Assertion
6.8 Message Framing Security Provider Negotiation Policy Assertion
6.9 One-way and Composite Duplex Policy Assertions
6.10 UDP Retransmission-Enabled Policy Assertion
6.11 WebSocket Streamed Policy Assertion
6.12 WebSocket Streamed Request Policy Assertion
6.13 WebSocket Streamed Response Policy Assertion
6.14 SOAP-over-UDP Transport URI
6.15 Using Session, Is Initiating, and Is Terminating WSDL Extensions
7 Appendix B: Product Behavior
8 Change Tracking
9 Index

1 Introduction

This document specifies a collection of Web service policy assertions and Web Services Description Language (WSDL) extensions, which define domain-specific behavior for the interaction between two Web service entities. This document does not define any specific Web service endpoints or message exchanges.

Sections 1.8, 2, and 3 of this specification are normative and can contain the terms MAY, SHOULD, MUST, MUST NOT, and SHOULD NOT as defined in RFC 2119. Sections 1.5 and 1.9 are also normative but cannot contain those terms. All other sections and examples in this specification are informative.

1.1 Glossary

The following terms are defined in [MS-GLOS]:

certificate

Hypertext Transfer Protocol (HTTP)

.NET Framework

NT LAN Manager (NTLM) Authentication Protocol

SOAP

SOAP message

SSL/TLS handshake

Transport Layer Security (TLS)

Web services

Web Services Description Language (WSDL)

WSDL operation

WSDL port type

XML

XML namespace

XML schema (XSD)

The following terms are defined in [MC-NMF]:

Initiating Stream

The following terms are defined in [WSAddressing]:

Web service endpoint

The following terms are defined in [WS-Policy]:

policy

policy alternative

policy assertion

policy attachment

policy subject

The following terms are defined in [WSDL]:

message

operation

port type

binding

port

service

The following terms are defined in [SOAP-UDP]:

retransmission

The following terms are specific to this document:

client: An application or a system that accesses a Web service endpoint.

initiating operation: A WSDL operation that is the first operation sent by the client.

notification operation: An operation in which the endpoint sends a message, as specified in [WSDL].

one-way operation: An operation in which the endpoint receives a message, as specified in [WSDL].

processing operation: A WSDL operation that is not a terminating operation.

terminating operation: A WSDL operation that is the last operation sent by a client.

WSDL extension: Represents a requirement or a capability of a Web service, which is defined by using the WSDL extensibility model.

input message: The WSDL message referred to by the input element in a WSDL operation.

output message: The WSDL message referred to by the output element in a WSDL operation.

sessionful transport: A transport that associates messages into message groups defined by the transport.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as described in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.

1.2 References

References to Microsoft Open Specifications documentation do not include a publishing year because links are to the latest version of the documents, which are updated frequently. References to other documents include a publishing year when one is available.

1.2.1 Normative References

We conduct frequent surveys of the normative references to assure their continued availability. If you have any issue with finding a normative reference, please contact dochelp@. We will assist you in finding the relevant information.

[MC-NBFS] Microsoft Corporation, ".NET Binary Format: SOAP Data Structure".

[MC-NBFSE] Microsoft Corporation, ".NET Binary Format: SOAP Extension".

[MC-NMF] Microsoft Corporation, ".NET Message Framing Protocol".

[MC-NPR] Microsoft Corporation, ".NET Packet Routing Protocol".

[MS-NNS] Microsoft Corporation, ".NET NegotiateStream Protocol".

[MS-NTHT] Microsoft Corporation, "NTLM Over HTTP Protocol".

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997,

[RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., et al., "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999,

[RFC4346] Dierks, T., and Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.1", RFC 4346, April 2006,

[RFC4559] Jaganathan, K., Zhu, L., and Brezak, J., "SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows", RFC 4559, June 2006,

[RFC6455] Fette, I., and Melnikov, A., "The WebSocket Protocol", RFC 6455, December 2011,

[SOAP-UDP] Combs, H., Justice, J., Kakivaya, G., et al., "SOAP-over-UDP", September 2004,

[WSAddressing] Box, D., Christensen, E., Ferguson, D., et al., "Web Services Addressing (WS-Addressing)", August 2004,

[WSDL] Christensen, E., Curbera, F., Meredith, G., and Weerawarana, S., "Web Services Description Language (WSDL) 1.1", W3C Note, March 2001,

[WS-Policy] Siddharth, B., Box, D., Chappell, D., et al., "Web Services Policy 1.2 - Framework (WS-Policy)", April 2006,

[WSPolicyAtt] BEA Systems, IBM, Microsoft Corporation, SAP, Sonic Software, VeriSign, "Web Services Policy 1.2 - Attachment (WS-PolicyAttachment)", April 2006,

[WSS] OASIS, "Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)", February 2006,

[WSSP1.2] OASIS Standard, "WS-SecurityPolicy 1.2", July 2007,

[XMLNS-2ED] World Wide Web Consortium, "Namespaces in XML 1.0 (Second Edition)", August 2006,

[XMLSCHEMA1] Thompson, H.S., Beech, D., Maloney, M., and Mendelsohn, N., Eds., "XML Schema Part 1: Structures", W3C Recommendation, May 2001,

1.2.2 Informative References

[MS-GLOS] Microsoft Corporation, "Windows Protocols Master Glossary".

1.3 Overview

WS-Policy (Web Services Policy Framework) [WS-Policy] and WS-PolicyAttachment (Web Services Policy Attachment) [WSPolicyAtt] collectively define a framework, model, and grammar for expressing the requirements and general characteristics of entities in an XML Web services-based system. This document specifies the following policy assertions:

▪ Basic HTTP Authentication

The Basic HTTP Authentication policy assertion indicates that a Web service endpoint requires authentication using the Basic Authentication scheme, as specified in [RFC2617] section 2.

▪ Digest HTTP Authentication

The Digest HTTP Authentication policy assertion indicates that a Web service endpoint requires authentication using the Digest Access Authentication scheme, as specified in [RFC2617] section 3.

▪ NTLM HTTP Authentication

The NTLM HTTP Authentication policy assertion indicates that a Web service endpoint requires authentication using the NTLM over HTTP Protocol, as specified in [MS-NTHT].

▪ Negotiate HTTP Authentication

The Negotiate HTTP Authentication policy assertion indicates that a Web service endpoint requires authentication using the HTTP Negotiate Authentication scheme, as specified in [RFC4559] section 4.

▪ Streamed Message Framing

The Streamed Message Framing policy assertion indicates that a Web service endpoint requires messages to be transferred to it using the framing protocol specified in [MC-NMF] with "Singleton Unsized" mode, as specified in [MC-NMF] section 2.2.3.2.

▪ Binary Encoding

The Binary Encoding policy assertion indicates that SOAP messages are required to be formatted as specified in [MC-NBFS] or [MC-NBFSE].

▪ Message Framing Transport Security

The Message Framing Transport Security policy assertion indicates that a Web service endpoint requires messages to be transferred to it using the framing protocol specified in [MC-NMF] with an "application/ssl-tls" protocol upgrade, as specified in [MC-NMF] section 2.2.3.5.

▪ Message Framing Security Provider Negotiation

The Message Framing Security Provider Negotiation policy assertion indicates that a Web service endpoint requires messages to be transferred to it using the framing protocol specified in [MC-NMF] with an "application/negotiate" protocol upgrade, as specified in [MC-NMF] section 2.2.3.5.

▪ One-way

The One-way policy assertion indicates that a Web service endpoint treats all input messages as one-way operations and all output messages as notification operations. This policy assertion also indicates whether to send messages as .NET packets, as specified in [MC-NPR] section 2.2.2.

▪ Composite Duplex

The Composite Duplex policy assertion indicates that a Web service endpoint requires two separate transport connections for messages to and from it.

▪ UDP Retransmission Enabled

The UDP Retransmission Enabled policy assertion indicates that a Web service endpoint has enabled retransmission, as specified in [SOAP-UDP].

▪ WebSocket Streamed

The WebSocket Streamed policy assertion indicates that a Web service endpoint intends to send and receive messages as a stream of bytes, as specified in [RFC6455].

▪ WebSocket Streamed Request

The WebSocket Streamed Request policy assertion indicates that a Web service endpoint intends to receive messages as a stream of bytes.

▪ WebSocket Streamed Response

The WebSocket Streamed Response policy assertion indicates that a Web service endpoint intends to send messages as a stream of bytes.

This document specifies the following WSDL extensions using the extensibility model described in [WSDL]:

▪ Using Session

The Using Session WSDL extension, applicable over a WSDL port type, indicates whether a port type defines any initiating operations.

▪ Is Initiating

The Is Initiating WSDL extension, applicable over a WSDL operation, indicates whether this operation is an initiating operation.

▪ Is Terminating

The Is Terminating WSDL extension, applicable over a WSDL operation, indicates whether this operation is a terminating operation.

This document specifies the following WSDL URIs using the extensibility model described in [WSDL]:

▪ SOAP-over-UDP --

The SOAP-over-UDP transport defines the following URI: , which indicates that a Web service endpoint requires messages to be transferred using the [SOAP-UDP] protocol.

1.4 Relationship to Other Protocols

This document only defines policy assertions and WSDL extensions for existing protocols and does not define any new protocols.

1.5 Prerequisites/Preconditions

None.

1.6 Applicability Statement

None.

1.7 Versioning and Capability Negotiation

None.

1.8 Vendor-Extensible Fields

None.

1.9 Standards Assignments

None.

2 Messages

This document only defines policy assertions and WSDL extensions for existing protocols and does not define any new messages.

2.1 Transport

None.

2.2 Common Message Syntax

2.2.1 Namespaces

This specification defines and references the following XML namespaces using the mechanisms specified in [XMLNS-2ED], which MUST be used by the implementations of this specification.

|Prefix |Namespace URI |Reference |
|http | | |
|msf | | |
|msb | | |
|ow | | |
|cdp | | |
|msc | | |
|wsdl | |[WSDL] |
|wsp | |[WS-Policy] |
|sp | |[WSSP1.2] |
|wsu | |[WSS] |
|xs | |[XMLSCHEMA1] |
|sud | | |
|mswsp | | |

2.2.2 Messages

This specification does not define any messages.

2.2.3 Elements

The following table summarizes the set of common XML Schema element definitions defined by this specification.

|Element |Description |
|BasicAuthentication |Indicates that clients are authenticated using the Basic Authentication scheme. |
|DigestAuthentication |Indicates that clients are authenticated using the Digest Access Authentication scheme. |
|NtlmAuthentication |Indicates that clients are authenticated using the NTLM over HTTP Protocol. |
|NegotiateAuthentication |Indicates that clients are authenticated using the HTTP Negotiate Authentication scheme. |
|Streamed |Indicates that messages are exchanged using the .NET Message Framing Protocol with a particular framing mode. |
|BinaryEncoding |Indicates that messages are exchanged using the binary format with in-band dictionary specified. |
|SslTransportSecurity |Indicates that messages are exchanged using the .NET Message Framing Protocol with a particular preamble. |
|WindowsTransportSecurity |Indicates that messages are exchanged using the .NET Message Framing Protocol with a particular preamble. |
|OneWay |Indicates that all input messages are treated as input messages in one-way operations and all output messages as notification operations. |
|CompositeDuplex |Indicates that messages sent back to the client are sent using the endpoint reference provided by the client in the ReplyTo header. |
|RetransmissionEnabled |Indicates that the Web service endpoint has enabled retransmission of SOAP-over-UDP messages. |
|Streamed |Indicates that the Web service endpoint intends to send and receive messages as a stream of bytes over the WebSockets protocol. |
|StreamedRequest |Indicates that the Web service endpoint intends to receive messages as a stream of bytes over the WebSockets protocol. |
|StreamedResponse |Indicates that the Web service endpoint intends to send messages as a stream of bytes over the WebSockets protocol. |

The following sections contain the XML schema description for the policy assertions and WSDL extensions specified in this document.

2.2.3.1 Basic HTTP Authentication Policy Assertion

The following describes the content model of the BasicAuthentication element.

/http:BasicAuthentication: A Web service endpoint with Basic HTTP Authentication policy assertion MUST authenticate clients using the Basic Authentication scheme, as specified in [RFC2617] section 2.

2.2.3.2 Digest HTTP Authentication Policy Assertion

The following describes the content model of the DigestAuthentication element.

/http:DigestAuthentication: A Web service endpoint with Digest HTTP Authentication policy assertion MUST authenticate clients using the Digest Access Authentication scheme, as specified in [RFC2617] section 3.

2.2.3.3 NTLM HTTP Authentication Policy Assertion

The following describes the content model of the NtlmAuthentication element.

/http:NtlmAuthentication: A Web service endpoint with NTLM HTTP Authentication policy assertion MUST authenticate clients using the NTLM over HTTP Protocol, as specified in [MS-NTHT].

2.2.3.4 Negotiate HTTP Authentication Policy Assertion

The following describes the content model of the NegotiateAuthentication element.

/http:NegotiateAuthentication: A Web service endpoint with Negotiate HTTP Authentication policy assertion MUST authenticate clients using the HTTP Negotiate Authentication scheme, as specified in [RFC4559] section 4.

2.2.3.5 Streamed Message Framing Policy Assertion

The following describes the content model of the Streamed element.

/msf:Streamed: A Web service endpoint with Streamed Message Framing policy assertion MUST exchange messages using the .NET Message Framing Protocol [MC-NMF]. The framing mode MUST be Singleton Unsized (as described in [MC-NMF] section 2.2.3.2).

2.2.3.6 Binary Encoding Policy Assertion

The following describes the content model of the BinaryEncoding element.

/msb:BinaryEncoding: A Web service endpoint with a Binary Encoding policy assertion and configured with a sessionful transport MUST exchange messages using the binary format with in-band dictionary specified in [MC-NBFSE]. A Web service endpoint with a Binary Encoding policy assertion and configured with a transport that is not a sessionful transport MUST exchange messages using the binary format specified in [MC-NBFS].

2.2.3.7 Message Framing Transport Security Policy Assertion

The following describes the content model of the SslTransportSecurity element.

/msf:SslTransportSecurity: A Web service endpoint with the Message Framing Transport Security policy assertion MUST exchange messages using the .NET Message Framing Protocol [MC-NMF]. The preamble MUST include an upgrade request for "application/ssl-tls", as specified in [MC-NMF] section 2.2.3.5. The Web service endpoint MUST accept an upgrade request for "application/ssl-tls".

/msf:SslTransportSecurity/msf:RequireClientCertificate: A parameter that specifies that a client MUST provide a server-recognizable certificate, as specified in [RFC4346] section 7.4.6, during the initial SSL/TLS handshake described in [RFC4346] section 7.3.

The SslTransportSecurity element is nested inside the sp:TransportBinding/wsp:Policy/sp:TransportToken/wsp:Policy element of the TransportBinding Assertion, as specified in [WSSP1.2], to indicate that the SOAP message protection is provided by the Transport Layer Security Protocol [RFC4346].

2.2.3.8 Message Framing Security Provider Negotiation Policy Assertion

The following describes the content model of the WindowsTransportSecurity element.

/msf:WindowsTransportSecurity: A Web service endpoint with the Message Framing Security Provider Negotiation policy assertion MUST exchange messages using the .NET Message Framing Protocol [MC-NMF]. The preamble MUST include an upgrade request for "application/negotiate", as specified in [MC-NMF] section 2.2.3.5. The Web service endpoint MUST accept an upgrade request for "application/negotiate".

/msf:WindowsTransportSecurity/msf:ProtectionLevel: A parameter that specifies the minimal level of protection that MUST be applied to protect the Initiating Stream.

The protection level MUST be set to one of the following values:

|Value |Meaning |
|None |Specifies that the Initiating Stream SHOULD be unsigned and SHOULD be unencrypted. The Initiating Stream MAY be signed and MAY be encrypted. |
|Sign |Specifies that the Initiating Stream MUST be signed. The signed Initiating Stream SHOULD be unencrypted. The signed Initiating Stream MAY be encrypted. |
|EncryptAndSign |Specifies that the Initiating Stream MUST be encrypted and then signed. |

The WindowsTransportSecurity element is nested inside the sp:TransportBinding/wsp:Policy/sp:TransportToken/wsp:Policy element of the TransportBinding Assertion, as specified in [WSSP1.2], to indicate that the SOAP message protection is provided by the .NET NegotiateStream Protocol [MS-NNS].

2.2.3.9 One-way Policy Assertion

The following describes the content model of the OneWay element.

/ow:OneWay: A Web service endpoint with a One-way policy assertion MUST treat all input messages as input messages in one-way operations. The Web service endpoint MUST NOT send replies to a received message. The Web service endpoint MUST treat all output messages as output messages in notification operations. The Web service endpoint MUST NOT accept replies from sent messages.

/ow:OneWay/ow:PacketRoutable: When present, indicates that messages sent to the Web service endpoint MUST be sent as .NET packets, as specified in [MC-NPR] section 2.2.2.

2.2.3.10 Composite Duplex Policy Assertion

The following describes the content model of the CompositeDuplex element.

/cdp:CompositeDuplex: A Web service endpoint with a Composite Duplex policy assertion MUST send any messages intended for the client to the endpoint reference provided by the client in the ReplyTo header. Messages sent to the Web service endpoint MUST specify an endpoint reference in the ReplyTo header [WSAddressing] of each request message. Messages sent by the Web service endpoint to the client MUST be sent using the WSDL binding for the Web service endpoint.

2.2.3.11 UDP Retransmission-Enabled Policy Assertion

The following describes the content model of the RetransmissionEnabled element.

/sud:RetransmissionEnabled: A Web service endpoint with retransmission enabled MUST retransmit messages. A client SHOULD enable a mechanism to detect duplicates and take appropriate action as messages are received from this Web service endpoint.

2.2.3.12 WebSocket Streamed Policy Assertion

The following describes the content model of the Streamed element.

/mswsp:Streamed: A Web service endpoint with WebSocket Streamed policy assertion MUST send and receive messages as a stream of bytes.

2.2.3.13 WebSocket Streamed Request Policy Assertion

The following describes the content model of the StreamedRequest element.

/mswsp:StreamedRequest: A client SHOULD send a message to a Web service endpoint with WebSocket Streamed Request policy assertion as a stream of bytes.

2.2.3.14 WebSocket Streamed Response Policy Assertion

The following describes the content model of the StreamedResponse element.

/mswsp:StreamedResponse: A Web service endpoint with WebSocket Streamed Response policy assertion MUST send messages as a stream of bytes.

2.2.3.15 SOAP-over-UDP SOAP Binding Transport URI

This protocol does not define any new element. However, this protocol defines a new transport URI, , which specifies that a Web service endpoint requires messages to be transferred using the [SOAP-UDP] protocol.

2.2.4 Complex Types

This specification does not define any common XML Schema complex type definitions.

2.2.5 Simple Types

This specification does not define any common XML Schema simple type definitions.

2.2.6 Attributes

The following table summarizes the set of common XML Schema attribute definitions defined by this specification.

|Attribute |Description |
|usingSession |Specifies that session semantics are required. |
|isInitiating |Indicates that an operation is an initiating operation. |
|isTerminating |Indicates that an operation is a terminating operation. |

The following sections contain the XML schema description for the WSDL extensions specified in this document.

2.2.6.1 Using Session WSDL Extension

The following describes the content model of the usingSession attribute.

/msc:usingSession: A WSDL port type having a Using Session WSDL extension with a true value specifies that:

▪ At least one initiating operation MUST be present.

▪ At least one terminating operation MAY be present.

▪ A client MUST request one or more initiating operations, followed by zero or more processing operations, followed by zero or one terminating operations.

▪ The Web service endpoint MUST process all operations in the order they were sent by the client.

2.2.6.2 Is Initiating WSDL Extension

The following describes the content model of the isInitiating attribute.

/msc:isInitiating: A WSDL operation having an Is Initiating WSDL extension with a true value indicates that this operation is an initiating operation.

2.2.6.3 Is Terminating WSDL Extension

The following describes the content model of the isTerminating attribute.

/msc:isTerminating: A WSDL operation having an Is Terminating WSDL extension that has a true value indicates that the operation is a terminating operation.
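The ordering rule that usingSession imposes can be enforced on the receiving side with a small state machine. The following is an added example, not part of the specification; the port type, its operation names, and the treatment of an operation that is both initiating and terminating (it opens and closes the session in one call) are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Operation:
    name: str
    is_initiating: bool   # value of msc:isInitiating on the wsdl:operation
    is_terminating: bool  # value of msc:isTerminating on the wsdl:operation


def port_type_errors(operations, using_session):
    """Static check: usingSession=true needs at least one initiating operation."""
    errors = []
    if using_session and not any(op.is_initiating for op in operations):
        errors.append("usingSession is true but no operation is initiating")
    return errors


def first_violation(operations, calls):
    """Return None when the call sequence follows the session grammar
    (initiating+, processing*, terminating?), else a description of the
    first call that breaks it."""
    by_name = {op.name: op for op in operations}
    state = "NEW"  # NEW -> OPEN -> CLOSED
    for index, name in enumerate(calls):
        op = by_name.get(name)
        if op is None:
            return f"call {index}: unknown operation {name!r}"
        if state == "CLOSED":
            return f"call {index}: {name!r} sent after a terminating operation"
        if state == "NEW" and not op.is_initiating:
            return f"call {index}: {name!r} is not an initiating operation"
        # Assumption: an operation flagged both initiating and terminating
        # opens and immediately closes the session.
        state = "CLOSED" if op.is_terminating else "OPEN"
    if state == "NEW":
        return "no initiating operation was requested"
    return None


# Constructed port type for illustration (names are hypothetical).
ORDERS = [
    Operation("Open", is_initiating=True, is_terminating=False),
    Operation("Submit", is_initiating=False, is_terminating=False),
    Operation("Close", is_initiating=False, is_terminating=True),
]

if __name__ == "__main__":
    for calls in (["Open", "Submit", "Close"], ["Submit"], ["Open", "Close", "Submit"]):
        print(calls, "->", first_violation(ORDERS, calls))
```
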

2.2.7 Groups

This specification does not define any common XML Schema group definitions.

2.2.8 Attribute Groups

This specification does not define any common XML Schema attribute group definitions.

3 Protocol Details

The policy assertions defined in this document specify behavior over all messages sent to and from a Web service endpoint and so they MUST have the following policy subjects:

▪ Endpoint policy subject

[WSPolicyAtt] defines a set of WSDL/1.1 [WSDL] policy attachment points for the policy subject noted previously.

The following is the list of WSDL/1.1 [WSDL] elements whose scope contains the policy subject for the policy assertions defined in this document, but which MUST NOT have the policy assertions attached:

▪ wsdl:portType

▪ wsdl:port

The following is the list of WSDL/1.1 [WSDL] elements whose scope contains the policy subject for the policy assertions defined in this document, and which MAY have the policy assertions attached:

▪ wsdl:binding

The assertions defined in this document MUST NOT contain a nested policy expression.

The assertions defined in this document MUST NOT be specified multiple times in the same policy alternative.

The Using Session WSDL extension defined in this document MAY be used on the following list of WSDL/1.1 [WSDL] elements:

▪ wsdl:portType

The Is Initiating and Is Terminating WSDL extensions defined in this document MAY be used on the following list of WSDL/1.1 [WSDL] elements:

▪ wsdl:operation
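The attachment rules above, together with the ProtectionLevel value set from section 2.2.3.8, can be checked mechanically when reviewing a service's published WSDL. The following linter is an added example, not part of the specification; it handles inline wsp:Policy elements only, and because the namespace table on this page lists prefixes without URIs, every namespace URI in it is a constructed placeholder.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Assertion elements by prefix, as listed in this specification.
ASSERTION_NAMES = {
    "http": ["BasicAuthentication", "DigestAuthentication",
             "NtlmAuthentication", "NegotiateAuthentication"],
    "msf": ["Streamed", "SslTransportSecurity", "WindowsTransportSecurity"],
    "msb": ["BinaryEncoding"],
    "ow": ["OneWay"],
    "cdp": ["CompositeDuplex"],
    "sud": ["RetransmissionEnabled"],
    "mswsp": ["Streamed", "StreamedRequest", "StreamedResponse"],
}
# Constructed placeholder URIs (assumption): substitute the namespace URIs
# given by the specification before linting a real WSDL.
NS = {p: "urn:example:" + p for p in ("wsdl", "wsp", "sp", *ASSERTION_NAMES)}
XMLNS = " ".join('xmlns:%s="%s"' % item for item in NS.items())


def qname(prefix, local_name):
    return "{%s}%s" % (NS[prefix], local_name)


def local(tag):
    return tag.rsplit("}", 1)[-1]


ASSERTIONS = {qname(p, n) for p, names in ASSERTION_NAMES.items() for n in names}
FORBIDDEN_HOSTS = {qname("wsdl", "portType"), qname("wsdl", "port")}
PROTECTION_LEVELS = {"None", "Sign", "EncryptAndSign"}


def lint(wsdl_text):
    """Return a list of findings (tuples) for the rules in sections 3 and 2.2.3.8."""
    # Fine for the embedded sample; parse untrusted WSDL with a hardened
    # parser such as defusedxml.
    root = ET.fromstring(wsdl_text)
    findings = []
    # Assertions MUST NOT be attached at wsdl:portType or wsdl:port.
    for host in root.iter():
        if host.tag in FORBIDDEN_HOSTS:
            for el in host.iter():
                if el.tag in ASSERTIONS:
                    findings.append(("forbidden-attachment", local(host.tag), local(el.tag)))
    for el in root.iter():
        # Assertions MUST NOT contain a nested policy expression.
        if el.tag in ASSERTIONS and el.find(".//wsp:Policy", NS) is not None:
            findings.append(("nested-policy", local(el.tag)))
        # An assertion MUST NOT appear twice in one policy alternative
        # (a wsp:All, or the direct children of a compact wsp:Policy).
        if el.tag in (qname("wsp", "All"), qname("wsp", "Policy")):
            counts = Counter(c.tag for c in el if c.tag in ASSERTIONS)
            findings += [("duplicate", local(t)) for t, n in counts.items() if n > 1]
        # ProtectionLevel, when present, must be one of the three defined values.
        if el.tag == qname("msf", "WindowsTransportSecurity"):
            level = el.find("msf:ProtectionLevel", NS)
            value = (level.text or "").strip() if level is not None else None
            if value is not None and value not in PROTECTION_LEVELS:
                findings.append(("bad-protection-level", value))
    return findings


# Constructed WSDL fragment that breaks each rule once.
SAMPLE = """<wsdl:definitions %s>
  <wsdl:portType name="IOrders">
    <wsp:Policy><http:NtlmAuthentication/></wsp:Policy>
  </wsdl:portType>
  <wsdl:binding name="OrdersBinding">
    <wsp:Policy><wsp:ExactlyOne><wsp:All>
      <http:BasicAuthentication/>
      <http:BasicAuthentication/>
      <msf:Streamed><wsp:Policy/></msf:Streamed>
      <sp:TransportBinding><wsp:Policy><sp:TransportToken><wsp:Policy>
        <msf:WindowsTransportSecurity>
          <msf:ProtectionLevel>Encrypt</msf:ProtectionLevel>
        </msf:WindowsTransportSecurity>
      </wsp:Policy></sp:TransportToken></wsp:Policy></sp:TransportBinding>
    </wsp:All></wsp:ExactlyOne></wsp:Policy>
  </wsdl:binding>
</wsdl:definitions>""" % XMLNS

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
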

3.1 Server Details

None.

3.2 Client Details

None.

4 Protocol Examples

Section 6, Appendix A: Full WSDL, provides examples of all of the policy assertions specified in this document.

5 Security

5.1 Security Considerations for Implementers

Security considerations are discussed in detail under the security considerations section in [WS-Policy].

5.2 Index of Security Parameters

None.

6 Appendix A: Full WSDL

For ease of implementation the full WSDLs with schemas are provided in the following sections.

|WSDL or schema name |Assertion/WSDL extension/Transport URI |Section |
|Basic HTTP Authentication Policy Assertion |http:BasicAuthentication |6.1 |
|Digest HTTP Authentication Policy Assertion |http:DigestAuthentication |6.2 |
|NTLM HTTP Authentication Policy Assertion |http:NtlmAuthentication |6.3 |
|Negotiate HTTP Authentication Policy Assertion |http:NegotiateAuthentication |6.4 |
|Streamed Message Framing Policy Assertion |msf:Streamed |6.5 |
|Binary Encoding Policy Assertion |msb:BinaryEncoding |6.6 |
|Message Framing Transport Security Policy Assertion |msf:SslTransportSecurity |6.7 |
|Message Framing Security Provider Negotiation Policy Assertion |msf:WindowsTransportSecurity |6.8 |
|One-way Policy Assertion |ow:OneWay |6.9 |
|Composite Duplex Policy Assertion |cdp:CompositeDuplex |6.9 |
|UDP Retransmission Enabled Policy Assertion |sud:RetransmissionEnabled |6.10 |
|WebSocket Streamed Policy Assertion |mswsp:Streamed |6.11 |
|WebSocket Streamed Request Policy Assertion |mswsp:StreamedRequest |6.12 |
|WebSocket Streamed Response Policy Assertion |mswsp:StreamedResponse |6.13 |
|SOAP-over-UDP transport URI | |6.14 |
|Using Session WSDL Extension |msc:UsingSession |6.15 |
|Is Initiating WSDL Extension |msc:IsInitiating |6.15 |
|Is Terminating WSDL Extension |msc:IsTerminating |6.15 |

6.1 Basic HTTP Authentication Policy Assertion

6.2 Digest HTTP Authentication Policy Assertion

6.3 NTLM HTTP Authentication Policy Assertion

6.4 Negotiate HTTP Authentication Policy Assertion

6.5 Streamed Message Framing Policy Assertion

6.6 Binary Encoding Policy Assertion
